Arbitrary Code Execution Vulnerability in Substance3D Painter Could Lead to User Data Theft
CVE-2024-53957

7.8HIGH

Key Information:

Vendor: Substance3D
Status: Substance 3d Painter
Vendor: CVE Published:; 10 December 2024

Summary

Substance3D Painter versions 10.1.1 and earlier are vulnerable to a Heap-based Buffer Overflow that can lead to arbitrary code execution within the context of the user currently logged in. This vulnerability poses a significant risk when a user interacts with malicious files. Successful exploitation requires the victim to open a specially crafted file, allowing the attacker to execute arbitrary code on the system, potentially compromising the integrity and confidentiality of the user's data.

References

https://helpx.adobe.com/security/products/substance3d_pai...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2024

Collectors

NVD Database